Hardware Trojans are malicious alterations to a circuit, such as an integrated circuit, during design and/or fabrication of the circuit. Such alterations may include addition of circuitry to the circuit, removal of circuitry from the circuit, or any suitable combination thereof. The malicious alterations may be of any suitable size and may be small or large. As one non-limiting example, hardware Trojans may be introduced by adding one or more components (e.g., one or more logic gates, one or more transistors, one or more diodes, etc.) to a circuit, removing one or more such components from a circuit, or any suitable combination thereof. As another non-limiting example, circuitry configured to perform a particular function, such as a microcontroller, may be added to a circuit.
When an integrated circuit contains one or more hardware Trojans, these Trojans may disrupt operation of the integrated circuit or any other circuitry coupled to the integrated circuit. For example, hardware Trojans may be used to cause the integrated circuit to malfunction and/or perform one or more functions, such as a function that may constitute or be part of a security attack.
Detecting the presence of hardware Trojans in integrated circuits is therefore an important problem. Indeed, many semiconductor companies and other businesses outsource manufacture of integrated circuits and/or products comprising integrated circuits to external fabrication facilities. As such, it has become easier to introduce anomalies such as hardware Trojans into integrated circuits, further motivating the development of techniques for detecting hardware Trojans.
However, detecting hardware Trojans is challenging for numerous reasons. One reason is that a hardware Trojan may be small and, for example, may constitute one or a small number of components (e.g., gates, transistors, diodes, etc.) in an integrated circuit comprising many such components (e.g., thousands or more, tens of thousands or more, millions or more, etc.). Another reason is that a hardware Trojan may be dormant until activated and a priori knowledge of how the Trojan is activated is not available. Yet another reason that detecting hardware Trojans is challenging is that their structure and function may be unknown.
Some conventional techniques for detecting hardware Trojans in integrated circuits involve examining the structure of integrated circuits for the presence of physical alterations. However, detecting such physical alterations in an integrated circuit requires costly, and possibly destructive, inspection of the integrated circuit that is performed by using expensive equipment.
Other conventional techniques for detecting hardware Trojans are based on the Trojans' use of power. When inputs to an integrated circuit are held constant, the integrated circuit may consume power because components of the integrated circuit (e.g., logic gates, transistors, etc.) may pass (sometimes termed “leak”) a small non-zero amount of current. This current is sometimes termed “leakage current” and the corresponding power is sometimes termed “leakage power” or “static power.” Because a hardware Trojan may comprise components (e.g., logic gates, transistors, etc.) that draw leakage power, an integrated circuit may be tested for the presence of a hardware Trojan by comparing the amount of power drawn by the integrated circuit with the amount of power drawn by a corresponding Trojan-free integrated circuit.